by Hi `who | cut -f1 d' '`,
Lately, I have been reading some articles on buffer overflows. Many of them seem to be caused by using local
variables that are allocated on the stack and then written to with no proper bounds checking. I don't know of
other architectures, but on x86, the stack grows downwards (from higher memory addresses to lower memory
addresses). This makes buffer overflows attacks easy to exploit: if a function uses strcpy() instead of strncpy() to
copy data (or memset or anything else that normally works upwards), due to the downwards nature of the stack
implementation, it's possible to overwrite the function's return address, or even another function local data
waiting in the call stack -> the stack grows downwards, but strcpy() works upwards, thus being able to cross
stack function boundaries (overwritting other functions local data or even its return address).
However, what would happen if the stack was implemented to grow upwards (from lower memory addresses to
higher memory addresses)? With this kind of implementation, if the last function in the call stack invokes
strcpy() over a local variable (allocated onto the stack) without checking bounds, the extra data would not
overwrite neither the own function's return address nor any other function waiting onto the call stack -> the
stack grows upwards and so does strcpy() when writting memory.
I know there are hardware implementation details involved in this issue, like the way PUSH and POP work, but
this is just an idea :-)
Comments on this? Could this be viable? Is the whole idea stupid in general?
Thanks!
Felipe Alfaro
--
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr
Powered by Outblaze
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/